diff --git a/docs/threatslayer-privacy-policy.md b/docs/threatslayer-privacy-policy.md new file mode 100644 index 0000000..e5dbb76 --- /dev/null +++ b/docs/threatslayer-privacy-policy.md 
@@ -0,0 +1,79 @@ +# ThreatSlayer Data Privacy Policy + +This document will cover the ThreatSlayer data collected and used by Interlock, a web3 security company. + +## ThreatSlayer + +ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token in exchange for browsing. + +When ThreatSlayer is running in your browser, it: + +1. Sends the URL you are browsing to our backend to check if the URL is safe + +2. Blocks URLs that we detect are malicious, to protect you from entering sensitive information + +3. (For users who register with us) Sends a unique key together with the URL in order to accurately calculate rewards for you + +Note: You do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. + +ThreatSlayer is an open source project – you can see the source code on [GitHub](https://github.com/interlock-network/threatslayer). + +## Data We Store for Scanning URLs + +Interlock maintains a backend classifier that classifies URLs as safe or malicious. To do so, we collect and retain certain kinds of data. This data is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes: + +* Contents of the page + +Note: Query string parameters will be stripped from the scanned URL for privacy. + +## User Data We Store for Token Rewards + +Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. 
In order to reward users fairly, we store the following data: + +* The username, a password hash, the user's web3 signature, and the web3 account ID users are registered with, and + +* The URLs registered users visit + +## Analytics Data + +Interlock will store the following information for URL classification: + +* Resolvable URLs + +* The data generated by Interlock about the link: classification as safe or malicious, etc. + +Note: Analytics data may be stored indefinitely. + +## Data Anonymization and Deletion Policy + +If a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future. + +If a user wishes for anonymity, they can use ThreatSlayer without registering, and there will be no data stored by Interlock connecting the user to their browsing activity. + +## Who We May Share or Sell Your Data To + +One of the ways Interlock makes money is to sell threat data to major Internet companies. To do so, we may sell URLs that you navigate to and that we classify as malicious. We may also sell related browsing data, like the site you navigated to that had the link to that malicious URL. We may also sell threat data and related browsing data to third party brokers who bundle together threat data for sale to Internet companies. + +## Your Data Choices, Rights, and Controls + +Access: You have the right to confirm whether we are processing your personal information and to access your personal information. + +Opt-out: You can prevent Interlock from collecting any data about you by not registering for ThreatSlayer. We will never associate any part of your identity with any data you generate. We may still sell any URLs you navigate to that we classify as malicious. + +Deletion: If you are a registered user, you can delete your account at any time. This will delete your association with any URLs you navigate to. Again, we may still sell any URLs you navigate to that we classify as malicious. 
+ +Correction: You have the right to request correction of your inaccurate personal information. + +Non-discrimination: We will not discriminate against you based on whether you are registered, unregistered, or deleted. You will receive the same protection against malicious URLs. + +Appeal: If you have any unresolved privacy concerns that we have not addressed satisfactorily after contacting us, you may have the right to appeal our decision by responding directly in your request or by sending another email and indicating that you are appealing our response to your previous request. + +## Data Processing + +All ThreatSlayer data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to authorized Interlock employees. + +## How to Contact Us and Exercise Your Rights + +If you are a registered user and would like to exercise your right to delete your account and associated data, you can do so by clicking here (TODO: add URL) + +If you have any questions or concerns about ThreatSlayer, please email threatslayer@interlock.network
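Review bot: The "Opt-out" paragraph under "Your Data Choices, Rights, and Controls" says a user "can prevent Interlock from collecting any data about you by not registering", but the numbered list at the top says the extension "Sends the URL you are browsing to our backend" for every user, the "Data We Store for Scanning URLs" section retains page contents, and the same Opt-out paragraph goes on to say "We may still sell any URLs you navigate to that we classify as malicious". Suggest rewording the opt-out to say that not registering prevents browsing data from being linked to an account, not that it prevents collection. Two related gaps in the same file: the note "Query string parameters will be stripped from the scanned URL" does not say whether stripping happens in the extension before the request is sent or on the backend after receipt, which changes what the backend can see, and the page contents listed as stored can themselves carry user-specific data, so the "not considered PII" statement should be scoped or the retention described. The final section still contains "(TODO: add URL)" for account deletion; that should be resolved, or the sentence should point to the contact email, before this is merged. Minor: "DigitalOcean" and "Digital Ocean" are both used in "Data Processing", and "Data Anonymization and Deletion Policy" describes retention of safe URLs with "If a user posts a safe URL" while the rest of the document speaks of browsing, with no retention period given for registered users' URLs.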